Systems and methods for creating and synchronizing security metadata within synchronized-data networks

US 8,756,656 B1
Filed: 09/30/2008
Issued: 06/17/2014
Est. Priority Date: 09/30/2008
Status: Active Grant

First Claim

Patent Images

1. A method for creating and synchronizing security metadata for data objects within synchronized-data networks, at least a portion of the method being performed by a computing device comprising at least one central processing unit, the method comprising:

identifying a synchronized-data network, the synchronized-data network comprising a plurality of computing devices and a plurality of synchronized data objects that are synchronized across the plurality of computing devices;

identifying a data object that is capable of being synchronized within the synchronized-data network;

identifying a need to perform a security operation on the data object to determine the trustworthiness of the data object;

offloading the security operation within the synchronized-data network by;

determining, by performing the security operation, the trustworthiness of the data object;

generating security metadata for the data object that identifies the determined trustworthiness of the data object;

synchronizing the security metadata that identifies the determined trustworthiness of the data object within the synchronized-data network to prevent computing devices within the synchronized-data network from performing additional redundant trustworthiness determinations on the data object.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computer-implemented method for creating and synchronizing security metadata for data objects within a synchronized-data network is disclosed. This method may comprise: 1) identifying a data object, 2) determining the trustworthiness of the data object, 3) generating security metadata for the data object that identifies the trustworthiness of the data object, and 4) synchronizing the security metadata within the synchronized-data network. The method may also comprise identifying a need to perform a security operation on the data object to determine the trustworthiness of the data object and then offloading or load balancing the security operation within the synchronized-data network. Corresponding systems and computer-readable media are also disclosed.

Citations

18 Claims

1. A method for creating and synchronizing security metadata for data objects within synchronized-data networks, at least a portion of the method being performed by a computing device comprising at least one central processing unit, the method comprising:
- identifying a synchronized-data network, the synchronized-data network comprising a plurality of computing devices and a plurality of synchronized data objects that are synchronized across the plurality of computing devices;
  
  identifying a data object that is capable of being synchronized within the synchronized-data network;
  
  identifying a need to perform a security operation on the data object to determine the trustworthiness of the data object;
  
  offloading the security operation within the synchronized-data network by;
  
  determining, by performing the security operation, the trustworthiness of the data object;
  
  generating security metadata for the data object that identifies the determined trustworthiness of the data object;
  
  synchronizing the security metadata that identifies the determined trustworthiness of the data object within the synchronized-data network to prevent computing devices within the synchronized-data network from performing additional redundant trustworthiness determinations on the data object.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1, wherein synchronizing the security metadata within the synchronized-data network comprises publishing the security metadata within the synchronized-data network using a publish/subscribe protocol.
  - 3. The method of claim 1, wherein synchronizing the security metadata within the synchronized-data network comprises at least one of:
    - packaging the security metadata with the data object;
      
      arranging, staging, or ordering synchronization of the security metadata and the data object to mitigate race conditions.
  - 4. The method of claim 1, wherein at least one of the plurality of computing devices comprises a network-based storage device.
  - 5. The method of claim 1, wherein the plurality of computing devices are associated with:
    - a single user;
      
      a plurality of users.
  - 6. The method of claim 1, further comprising:
    - determining that the data object is untrustworthy;
      
      in response to the determination that the data object is untrustworthy, preventing the data object from being synchronized within the synchronized-data network.
  - 7. The method of claim 1, further comprising:
    - determining that the data object is trustworthy;
      
      in response to the determination that the data object is trustworthy, allowing the data object to be synchronized within the synchronized-data network.
  - 8. The method of claim 7, further comprising:
    - identifying a proposed modification to the data object;
      
      determining the trustworthiness of the proposed modification;
      
      modifying the security metadata for the data object to identify the trustworthiness of the proposed modification;
      
      synchronizing the modified security metadata within the synchronized-data network.
  - 9. The method of claim 1, wherein performing the security operation comprises load balancing the security operation within the synchronized data network.
  - 10. The method of claim 9, further comprising coordinating offloading or load balancing of the security operation based on attributes of the security metadata.
  - 11. The method of claim 1, further comprising limiting access to the security metadata to users or software with appropriate privileges.
  - 12. The method of claim 1, further comprising buffering incoming synchronization data to mitigate race conditions.

13. A system for creating and synchronizing security metadata for data objects within synchronized-data networks, the system comprising:
- a security module and a synchronization module for;
  
  identifying a synchronized-data network, the synchronized-data network comprising a plurality of computing devices and a plurality of synchronized data objects that are synchronized across the plurality of computing devices;
  
  identifying a data object that is capable of being synchronized within the synchronized-data network;
  
  identifying a need to perform a security operation on the data object to determine the trustworthiness of the data object;
  
  offloading the security operation within the synchronized-data network by;
  
  determining, by performing the security operation, the trustworthiness of the data object;
  
  generating security metadata for the data object that identifies the determined trustworthiness of the data object;
  
  synchronizing the security metadata that identifies the determined trustworthiness of the data object within the synchronized-data network to prevent computing devices within the synchronized-data network from performing additional redundant trustworthiness determinations on the data object;
  
  at least one central processing unit configured to execute the security module and the synchronization module.
- View Dependent Claims (14, 15, 16, 17)
- - 14. The system of claim 13, wherein the plurality of computing devices are associated with:
    - a single user;
      
      a plurality of users.
  - 15. The system of claim 13, wherein the security module is configured to run on each of the plurality of computing devices within the synchronized-data network.
  - 16. The system of claim 13, wherein the synchronization module is configured to run on each of the plurality of computing devices within the synchronized-data network.
  - 17. The system of claim 13, wherein the security module performs the security operation by load balancing the security operation within the synchronized-data network.

18. A non-transitory computer-readable medium comprising one or more computer-executable instructions that, when executed by a computing device, cause the computing device to:
- identify a synchronized-data network, the synchronized-data network comprising a plurality of computing devices and a plurality of synchronized data objects that are synchronized across the plurality of computing devices;
  
  identify a data object that is capable of being synchronized within the synchronized-data network;
  
  identify a need to perform a security operation on the data object to determine the trustworthiness of the data object;
  
  offload the security operation within the synchronized-data network by;
  
  determining, by performing the security operation, the trustworthiness of the data object;
  
  generating security metadata for the data object that identifies the determined trustworthiness of the data object;
  
  synchronizing the security metadata that identifies the determined trustworthiness of the data object within the synchronized-data network to prevent computing devices within the synchronized-data network from performing additional redundant trustworthiness determinations on the data object.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Veritas Technologies, LLC (Whitehouse Group Ltd.)
Original Assignee
Symantec Corporation (NortonLifeLock Inc.)
Inventors
Hartmann, Alfred
Primary Examiner(s)
LEE, JASON T

Application Number

US12/241,308
Time in Patent Office

2,086 Days
Field of Search

726/3, 726/26, 703/3, 709/223
US Class Current

726/3
CPC Class Codes

G06F 21/57 Certifying or maintaining t...

H04L 63/1408 by monitoring network traff...

Systems and methods for creating and synchronizing security metadata within synchronized-data networks

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for creating and synchronizing security metadata within synchronized-data networks

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links